[Bug ld/20995] Read-only data in ELF libraries may be remapped writable
From: sandra at codesourcery dot com
Subject: [Bug ld/20995] Read-only data in ELF libraries may be remapped writable at runtime
Date: Sun, 26 Feb 2017 01:01:55 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=20995
--- Comment #21 from sandra at codesourcery dot com ---
Nope, that's not it. I've attached a tarball with good/bad executables (from
commits 9d19e4fdb7c684329c8b1b72796a0071708dabc7 and
5474d94f03aedba2f832006dc7d680cc15792a7b, respectively) and corresponding
readelf -a and objdump -x output.
And, here is some more information on the dynamic linker crash.
Program received signal SIGSEGV, Segmentation fault.
_dl_relocate_object (scope=0x2aac85b0, reloc_mode=<optimized out>,
address@hidden) at dl-reloc.c:232
232 const char *strtab = (const void *) D_PTR (l, l_info[DT_STRTAB]);
(gdb) bt
#0 _dl_relocate_object (scope=0x2aac85b0, reloc_mode=<optimized out>,
address@hidden) at dl-reloc.c:232
#1 0x2aaaaee0 in dl_main (phdr=<optimized out>, phnum=<optimized out>,
user_entry=<optimized out>, auxv=<optimized out>) at rtld.c:2051
#2 0x2aabcb6c in _dl_sysdep_start (
address@hidden,
address@hidden <dl_main>) at ../elf/dl-sysdep.c:253
#3 0x2aaac148 in _dl_start_final (address@hidden,
address@hidden) at rtld.c:305
#4 0x2aaac448 in _dl_start (arg=0x7ffefa70) at rtld.c:413
#5 0x2aaa8bf0 in _start () from target:/scratch/sandra/nios2-linux-upstream/install/nios2-linux-gnu/libc/lib/ld-linux-nios2.so.1
(gdb) frame 1
#1 0x2aaaaee0 in dl_main (phdr=<optimized out>, phnum=<optimized out>,
user_entry=<optimized out>, auxv=<optimized out>) at rtld.c:2051
2051 _dl_relocate_object (l, l->l_scope, GLRO(dl_lazy) ? RTLD_LAZY : 0,
(gdb) print *l
$1 = {l_addr = 0, l_name = 0x2aac86d8 "", l_ld = 0x3f20, l_next = 0x0,
l_prev = 0x0, l_real = 0x2aac83f8, l_ns = 0, l_libname = 0x2aac86cc,
l_info = {0x0 <repeats 76 times>}, l_phdr = 0x2034, l_entry = 9612,
l_phnum = 9, l_ldnum = 0, l_searchlist = {r_list = 0x2aac8990, r_nlist = 1},
l_symbolic_searchlist = {r_list = 0x2aac86c8, r_nlist = 0}, l_loader = 0x0,
l_versions = 0x0, l_nversions = 0, l_nbuckets = 0,
l_gnu_bitmask_idxbits = 0, l_gnu_shift = 0, l_gnu_bitmask = 0x0, {
l_gnu_buckets = 0x0, l_chain = 0x0}, {l_gnu_chain_zero = 0x0,
l_buckets = 0x0}, l_direct_opencount = 1, l_type = lt_executable,
l_relocated = 0, l_init_called = 0, l_global = 1, l_reserved = 0,
l_phdr_allocated = 0, l_soname_added = 0, l_faked = 0, l_need_tls_init = 0,
l_auditing = 0, l_audit_any_plt = 0, l_removed = 0, l_contiguous = 0,
l_symbolic_in_local_scope = 0, l_free_initfini = 0, l_rpath_dirs = {
dirs = 0xffffffff, malloced = 0}, l_reloc_result = 0x0, l_versyms = 0x0,
l_origin = 0x0, l_map_start = 8192, l_map_end = 16476, l_text_end = 10488,
l_scope_mem = {0x2aac8554, 0x0, 0x0, 0x0}, l_scope_max = 4,
l_scope = 0x2aac85b0, l_local_scope = {0x2aac8554, 0x0}, l_file_id = {
dev = 0, ino = 0}, l_runpath_dirs = {dirs = 0xffffffff, malloced = 0},
l_initfini = 0x2aac8988, l_reldeps = 0x0, l_reldepsmax = 0, l_used = 1,
l_feature_1 = 0, l_flags_1 = 0, l_flags = 0, l_idx = 0,
l_mach = {<No data fields>}, l_lookup_cache = {sym = 0x0, type_class = 0,
value = 0x0, ret = 0x0}, l_tls_initimage = 0x0, l_tls_initimage_size = 0,
l_tls_blocksize = 0, l_tls_align = 0, l_tls_firstbyte_offset = 0,
l_tls_offset = -1, l_tls_modid = 0, l_tls_dtor_count = 0,
l_relro_addr = 16144, l_relro_size = 240, l_serial = 0, l_audit = 0x2aac8648}
(gdb) print *(l->l_ld)
$2 = {d_tag = 0, d_un = {d_val = 0, d_ptr = 0}}
(gdb)
So, the dynamic linker has only an empty entry in the dynamic section l->l_ld,
the contents of l->l_info are all zeros because it's not finding anything to
initialize them with, and it's getting the SEGV trying to dereference a null
pointer out of this array. I'm still working backwards trying to find where
l->l_ld is supposed to be getting its contents.
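As an added illustration (not code from the bug report, binutils or glibc): a small pure-Python ELF32 walker that does the same lookup ld.so performs to fill l_info, finding PT_DYNAMIC and reading its tags, and reports when the dynamic section starts with a DT_NULL entry as in the `print *(l->l_ld)` output above. The ELF image it parses is constructed inline (machine EM_ALTERA_NIOS2, PT_DYNAMIC placed at the 0x3f20 value seen in l_ld); the diagnosis labels are assumptions of this example.

```python
import struct

PT_DYNAMIC = 2
DT_NULL, DT_STRTAB, DT_SYMTAB = 0, 5, 6

def build_elf32(dyn_entries):
    """Constructed minimal little-endian ELF32 image: header, one PT_DYNAMIC
    program header, and a dynamic section given as (d_tag, d_val) pairs."""
    ehdr_size, phdr_size = 52, 32
    dyn = b"".join(struct.pack("<iI", tag, val) for tag, val in dyn_entries)
    ident = b"\x7fELF" + bytes([1, 1, 1]) + b"\0" * 9   # ELFCLASS32, ELFDATA2LSB, EV_CURRENT
    ehdr = ident + struct.pack("<HHIIIIIHHHHHH", 3, 113, 1, 0, ehdr_size, 0, 0,
                               ehdr_size, phdr_size, 1, 0, 0, 0)   # ET_DYN, EM_ALTERA_NIOS2
    dyn_off = ehdr_size + phdr_size
    phdr = struct.pack("<IIIIIIII", PT_DYNAMIC, dyn_off, 0x3f20, 0x3f20,
                       len(dyn), len(dyn), 6, 4)                   # PF_R | PF_W
    return ehdr + phdr + dyn

def dynamic_entries(data):
    """Walk the program headers to PT_DYNAMIC and return its (d_tag, d_val)
    list up to and including DT_NULL; None when there is no PT_DYNAMIC."""
    if data[:4] != b"\x7fELF" or data[4] != 1 or data[5] != 1:
        raise ValueError("only little-endian ELF32 is handled here")
    fields = struct.unpack_from("<HHIIIIIHHHHHH", data, 16)
    e_phoff, e_phentsize, e_phnum = fields[4], fields[8], fields[9]
    for i in range(e_phnum):
        p_type, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIIII", data, e_phoff + i * e_phentsize)
        if p_type != PT_DYNAMIC:
            continue
        entries = []
        for off in range(p_offset, p_offset + p_filesz, 8):
            tag, val = struct.unpack_from("<iI", data, off)
            entries.append((tag, val))
            if tag == DT_NULL:          # terminator: ld.so stops reading here
                break
        return entries
    return None

def diagnose(data):
    """Classify the dynamic section as ld.so would experience it (labels are
    this example's own): a leading DT_NULL leaves every l_info slot zero."""
    entries = dynamic_entries(data)
    if entries is None:
        return "no-dynamic"
    if not entries or entries[0][0] == DT_NULL:
        return "empty-dynamic"
    if DT_STRTAB not in {tag for tag, _ in entries}:
        return "missing-strtab"
    return "ok"
```

Running `diagnose` over a real binary (read the file into `data`) is a quick way to confirm whether the dynamic section itself is empty before stepping into the loader.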